By the end of Memorial Day weekend this year, it was meat processing giant JBS. On the Friday before the Fourth of July, it was the IT management software company Kaseya and, by extension, more than a thousand companies of varying size. It remains to be seen whether Labor Day will also bring a high-profile ransomware incident, but one thing is clear: hackers love the holidays.
Seriously, ransomware hackers also love ordinary weekends. But a long one? When everyone is off with family and friends and studiously avoiding anything remotely related to the office? That's the good stuff. And while the trend isn’t new, a joint warning issued this week by the FBI and the Cybersecurity and Infrastructure Security Agency underscores the seriousness of the threat.
The appeal to attackers is pretty straightforward. Ransomware can take a long time to spread across an entire network, as hackers work to escalate privileges and gain maximum control over as many systems as possible. The longer it takes anyone to notice, the more damage they can do. “In general, threat actors deploy their ransomware when people are less likely to start plugging in,” says Brett Callow, a threat analyst at antivirus company Emsisoft. “Less likely to detect and interrupt the attack.”
Even if an attack is caught relatively early, many of the people responsible for dealing with it are potentially by the pool, or at least harder to reach than on a normal Tuesday afternoon. “Intuitively, it makes sense for advocates to be less attentive during the holidays, in large part because of declining staffing,” says Katie Nickels, intelligence director for security firm Red Canary. “If a major incident occurs during the holidays, it can be more difficult for advocates to bring in the staff needed to respond quickly.”
It is major incidents like these that probably caught the attention of the FBI and CISA; in addition to the JBS and Kaseya incidents, the devastating attack on Colonial Pipeline took place on Mother’s Day weekend. (It’s not a three-day weekend, but it was still timed for maximum inconvenience.) The agencies said they have no “specific threat notification” that a similar attack will occur during the Labor Day weekend, but it shouldn’t come as any sort of surprise if it does.
It is also important to remember that ransomware is a constant threat and that, for every gas shortage, there are dozens of small businesses that at any given time are faced with sending bitcoin to cybercriminals. Victims reported 2,474 ransomware incidents to the FBI’s Internet Crime Complaint Center in 2020, 20% more than the previous year. Demands from hackers tripled in that same period, according to IC3 data. These attacks were not concentrated around three-day weekends and Hallmark holidays.
In fact, as CISA and the FBI acknowledge, weekends in general are popular with thieves. Callow notes that submissions to ID Ransomware, a service created by security researcher Michael Gillespie that allows you to upload ransom notes or encrypted files to find out what hit you, tend to increase on Mondays, when victims have returned to their offices to find their data encrypted.
Strategic timing by hackers also takes other forms. Attacks on schools fall precipitously in late spring and summer, Callow says, because there is much less urgency associated with recovery. When $81 million was stolen from the Bank of Bangladesh, the North Korean Lazarus Group scheduled the robbery to take advantage of not only the difference between weekends in Bangladesh and the United States (in the former, the weekend is Friday and Saturday), but also the Lunar New Year, a holiday for much of Asia.